juju-core

Bug #1417875
Comment #4

Comment 4 for bug 1417875

Revision history for this message

Paul Gear (paulgear) wrote on 2015-02-04:

I neglected to mention earlier that these problems were showing up on juju-core 1.21.1-0ubuntu1~14.04.1~juju1.

I tried again with the same environment on juju-core 1.20.14-0ubuntu1~14.04.1~juju1 (which no longer seems to be present in the repos - why?) and the problem does not occur. Here is a log of a manual connection attempt with the rsyslog configuration deployed by 1.20.14:

root@rasalhague:/var/log/juju# openssl s_client -CAfile ca-cert.pem -connect 10.49.4.0:6514
CONNECTED(00000003)
depth=1 O = juju, CN = juju-generated CA for environment \"rsyslog\"
verify return:1
depth=0 O = juju, CN = *
verify return:1
---
Certificate chain
0 s:/O=juju/CN=*
   i:/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICOTCCAaSgAwIBAgIBADALBgkqhkiG9w0BAQUwRTENMAsGA1UEChMEanVqdTE0
MDIGA1UEAwwranVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmlyb25tZW50ICJyc3lz
bG9nIjAeFw0xNTAyMDQwNjI3MjZaFw0yNTAyMDQwNjMyMjVaMBsxDTALBgNVBAoT
BGp1anUxCjAIBgNVBAMTASowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALek
sdX50hAu67zJXx3pgIQgZRS9VxU9+hFJCNBdP4f4AAr66kIiD3mDqFgK/m6Hikjz
Ygl5I1mR4IPvU8fdLDO73N09Z79dAo/6BmJe4GMG8q5ZuzKvGuBKQEwyH5Au4hzp
Hh+CK8uzJ4z9D+wL90nCuBlrNIonWqnCD9uRFBkVAgMBAAGjZzBlMA4GA1UdDwEB
/wQEAwIAqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUYchdTv6AxFgO
Vhl0CCdbD5tcDW8wHwYDVR0jBBgwFoAUi89ZzFuSarbzgsLFeQc7llHZsNcwCwYJ
KoZIhvcNAQEFA4GBAFD69qxiD/ZCdRz8z1+m/up11gsq78GgE0/pLXV+EB7tZfAz
3mehJEzGNYZV365U6//6+Tw07nUY/S8HHliPsVpmzdS8JdzmInlQnbNPHokwNySP
LbQJlmkGKNy5RIG/zuT5aMpGEdd6wkqfMLSIbvY89dF3+YL2rnPe+TBll2Ig
-----END CERTIFICATE-----
subject=/O=juju/CN=*
issuer=/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Acceptable client certificate CA names
/O=juju/CN=juju-generated CA for environment "rsyslog"
/O=juju/CN=juju-generated CA for environment "rsyslog"
---
SSL handshake has read 1120 bytes and written 547 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : AES256-SHA256
    Session-ID: CA6FCBCD53F11C86AE130265CC4CA7568876B202ABD9EDC984FF85FE9CD8BA3D
    Session-ID-ctx:
    Master-Key: AA3880BEB10E8EE5B7AF58ED3477823079E3523F98756D42366B521D6361E5E111B82165EEED67D21371EF4A643A6888
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1423031626
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
^C
root@rasalhague:/var/log/juju#

I neglected to mention earlier that these problems were showing up on juju-core 1.21.1-0ubuntu1~14.04.1~juju1.

I tried again with the same environment on juju-core 1.20.14-0ubuntu1~14.04.1~juju1 (which no longer seems to be present in the repos - why?) and the problem does not occur.  Here is a log of a manual connection attempt with the rsyslog configuration deployed by 1.20.14:

root@rasalhague:/var/log/juju# openssl s_client -CAfile ca-cert.pem -connect 10.49.4.0:6514
CONNECTED(00000003)
depth=1 O = juju, CN = juju-generated CA for environment \"rsyslog\"
verify return:1
depth=0 O = juju, CN = *
verify return:1
---
Certificate chain
 0 s:/O=juju/CN=*
   i:/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICOTCCAaSgAwIBAgIBADALBgkqhkiG9w0BAQUwRTENMAsGA1UEChMEanVqdTE0
MDIGA1UEAwwranVqdS1nZW5lcmF0ZWQgQ0EgZm9yIGVudmlyb25tZW50ICJyc3lz
bG9nIjAeFw0xNTAyMDQwNjI3MjZaFw0yNTAyMDQwNjMyMjVaMBsxDTALBgNVBAoT
BGp1anUxCjAIBgNVBAMTASowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALek
sdX50hAu67zJXx3pgIQgZRS9VxU9+hFJCNBdP4f4AAr66kIiD3mDqFgK/m6Hikjz
Ygl5I1mR4IPvU8fdLDO73N09Z79dAo/6BmJe4GMG8q5ZuzKvGuBKQEwyH5Au4hzp
Hh+CK8uzJ4z9D+wL90nCuBlrNIonWqnCD9uRFBkVAgMBAAGjZzBlMA4GA1UdDwEB
/wQEAwIAqDATBgNVHSUEDDAKBggrBgEFBQcDATAdBgNVHQ4EFgQUYchdTv6AxFgO
Vhl0CCdbD5tcDW8wHwYDVR0jBBgwFoAUi89ZzFuSarbzgsLFeQc7llHZsNcwCwYJ
KoZIhvcNAQEFA4GBAFD69qxiD/ZCdRz8z1+m/up11gsq78GgE0/pLXV+EB7tZfAz
3mehJEzGNYZV365U6//6+Tw07nUY/S8HHliPsVpmzdS8JdzmInlQnbNPHokwNySP
LbQJlmkGKNy5RIG/zuT5aMpGEdd6wkqfMLSIbvY89dF3+YL2rnPe+TBll2Ig
-----END CERTIFICATE-----
subject=/O=juju/CN=*
issuer=/O=juju/CN=juju-generated CA for environment "rsyslog"
---
Acceptable client certificate CA names
/O=juju/CN=juju-generated CA for environment "rsyslog"
/O=juju/CN=juju-generated CA for environment "rsyslog"
---
SSL handshake has read 1120 bytes and written 547 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA256
    Session-ID: CA6FCBCD53F11C86AE130265CC4CA7568876B202ABD9EDC984FF85FE9CD8BA3D
    Session-ID-ctx: 
    Master-Key: AA3880BEB10E8EE5B7AF58ED3477823079E3523F98756D42366B521D6361E5E111B82165EEED67D21371EF4A643A6888
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1423031626
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
^C
root@rasalhague:/var/log/juju#